In December, the Pentagon and the US intelligence community came to an alarming conclusion. Hackers had breached their security, potentially stealing unknown amounts of classified information and jeopardizing national security.
First revealed by FireEye, a private cybersecurity firm, the massive hack was thought to be the work of the Russians. Although it appears that Moscow had a leading role in the cyber intrusion, now it appears that the Chinese were also able to access sensitive information.
The hack targeted the Department of Defense, several intelligence agencies, and nuclear laboratories. The damage caused by the cyber intrusion is still undetermined.
But the cyberattacks targeted not only government agencies and departments but also several Fortune 500 companies.
Now it appears that the Chinese got access to the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, stealing the personal information of thousands, if not millions, of government employees. Put together with the hacking of the Office of Personnel Management (OPM) sometime around 2012, the Chinese have succeeded in stealing the personal information of the majority of the US government employees. In addition, they have the personal, financial, and even DNA information of a great chunk of the U.S. population.
In response to this brazen cyberattack by the Chinese hackers, the Federal Communications Commission (FCC) has designated five Chinese telecommunications companies as a national security threat. Huawei Technologies Co, ZTE Corp, Hytera Communications Corp, Hangzhou Hikvision Digital Technology Co, and Zhejiang Dahua Technology Co., are all now blacklisted.
U.S. government agencies and private firms aren’t allowed to purchase equipment from those companies (or at least not get government funding if they choose in the case of the private firms) and they will be able to be reimbursed for any equipment from those companies that they currently operate.
Sandboxx News spoke with a subject matter expert on digital security, who also has a joint special operations and intelligence background, about the threat posed by Chinese cyber capabilities and Beijing’s intentions behind its unprecedented and aggressive bulk data collection.
“It raises many questions regarding what China is doing or intends to do with big data, as we’ve seen elsewhere in the world – harvesting petabytes of data and leveraging the expansive reach of both private and public institutions to do it the world-around—a tough situation to manage,” said the expert.
In this undeclared cyberwar, it seems that private firms have an edge over governments, or at least governments where the public and private sectors are clearly distinguished, which is the case in the West; conversely, in China and Russia, private and government sectors are indistinguishable when it comes to national security, considerably mudding the waters.
“I think private organizations have realized that the government is almost powerless to stop them, which is why private firms such as FireEye or others are doing so well. But I don’t know if we’ll be able to find a balance between sophisticated adversaries and a capable and still mildly convenient [data] storage solution.”
Chinese and Russian hackers have found ways to get classified data from places where the US doesn’t expect them to. The OPM hack was a prime example of that tactic. The Chinese were able to steal the personal information of millions of government employees, including intelligence officers, from a place where security might not have been as tight as it would have been in their parent agencies, such as the NSA or CIA.
One option to counter this would be to revert to older, manual ways of storing information. But there are downsides to that.
“Remove the convenience and the system becomes all the more cumbersome. Try to lean into the technology available, and adversaries are bound to find a way in. It’s possible to alter the paradigm by choosing not to play the game, but most governments are realizing they can’t afford to do that, lest they risk seeing their citizens, infrastructure, and other aspects of civil society fall prey to cunning adversaries in the critical domain of cyberspace,” the expert told Sandboxx News.
In all of this, private citizens might feel powerless, embroiled in a cyber conflict of world powers. But there are ways to defend yourself.
“Thankfully, there are concrete things one can do to counter the adverse or costly impacts of an unauthorized party (be they a nation-state or criminal entity) from taking advantage of your data or otherwise imposing costs on you as an individual—and that all begins with assuming some measure of personal responsibility for the digital security and privacy of yourself and your family as an independent individual,” the expert added.
Privacy Matters, a digital security and privacy publication, recently published a piece trying to demystify the use of hacked data. Emails, phone numbers, driver’s licenses are all out there for potential exploitation by malign actors. So taking proactive steps to ensure your digital footprint is small or at least well-guarded is crucial.
